Of course, when everyone sets min-release-age=7, supply chain attacks won't get noticed until 7 days later. So you should set min-release-age=14 and be safe forever.
I chuckled, but in all seriousness, thankfully those individuals and companies who often discover these attacks listen in on every new npm push and analyze it relatively fast. The time to detect has sometimes been minutes in recent months, less than the process of getting npm to remove the packages. Not always, but looking at recent ones and advances in the latest SOTA models make detection easier than ever. It might change as attackers get more sophisticated.
You can add your own wrapper, but if you're building a whole auth/retry/logging layer, axios is probably better for that. For most other use cases a small wrapper will do the job.
Didn't mean it as an ad btw, the supply chain risk is real though. Axios could be the best HTTP library ever written and it still would've dropped a RAT on your laptop on March 31 without min-release-age set.
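
What a release-age cooldown such as the `min-release-age=7` setting discussed in this thread does at resolution time, as an added example that is not part of the thread and not npm's own code. The version timestamps are constructed, and `applyMinReleaseAge` and `compareVersions` are hypothetical helpers.

```javascript
// Constructed registry metadata: version -> publish time (not real package data).
const SAMPLE_TIMES = {
  "1.0.0": "2026-01-10T12:00:00Z",
  "1.0.1": "2026-03-02T09:30:00Z",
  "1.1.0": "2026-03-25T08:00:00Z",
  "1.1.1": "2026-03-31T00:20:00Z", // stand-in for a release pushed hours ago
};

const DAY_MS = 24 * 60 * 60 * 1000;

// Compare plain x.y.z versions (prerelease tags are out of scope here).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Split versions into installable ones and ones still inside the cooldown,
// then pick the newest installable version.
function applyMinReleaseAge(times, minAgeDays, nowDate) {
  const cutoff = nowDate.getTime() - minAgeDays * DAY_MS;
  const eligible = [];
  const held = [];
  for (const [version, published] of Object.entries(times)) {
    const ts = Date.parse(published);
    // Fail closed: a missing or unparseable timestamp is treated as too new.
    if (Number.isNaN(ts) || ts > cutoff) held.push(version);
    else eligible.push(version);
  }
  eligible.sort(compareVersions);
  held.sort(compareVersions);
  const pick = eligible.length ? eligible[eligible.length - 1] : null;
  return { eligible, held, pick };
}

// Constructed "today": ten hours after the newest release was published.
const sampleNow = new Date("2026-03-31T10:00:00Z");
for (const days of [0, 7, 14]) {
  const r = applyMinReleaseAge(SAMPLE_TIMES, days, sampleNow);
  console.log(`min age ${days}d -> install ${r.pick}, held back: ${r.held.join(", ") || "none"}`);
}
```

The cooldown only changes which version is selected; it relies on someone else detecting and reporting a bad release inside the window, which is the point the first two comments are making.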